initial

2021-02-07 23:45:55 +00:00 · 2021-02-07 23:45:55 +00:00 · 7a7bc34ae3
commit 7a7bc34ae3
32 changed files with 4857 additions and 0 deletions
--- a/modules/kubernetes/bind/deployment-factory/main.tf
+++ b/modules/kubernetes/bind/deployment-factory/main.tf
@ -0,0 +1,85 @@
+variable "named_conf_mounts" {}
+variable "deployment_name" {}
+
+resource "kubernetes_deployment" "bind" {
+  metadata {
+    name      = var.deployment_name
+    namespace = "bind"
+    labels = {
+      "app" = "bind"
+      "kubernetes.io/cluster-service" : "true"
+    }
+  }
+  spec {
+    replicas = "3"
+    selector {
+      match_labels = {
+        "app" = var.deployment_name
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          "app" = var.deployment_name
+          "kubernetes.io/cluster-service" : "true"
+        }
+      }
+      spec {
+        container {
+          name              = "bind"
+          image             = "resystit/bind9:latest"
+          image_pull_policy = "IfNotPresent"
+          port {
+            container_port = 53
+            protocol       = "UDP"
+          }
+          volume_mount {
+            mount_path = "/etc/bind/named.conf"
+            sub_path   = "named.conf"
+            name       = "bindconf"
+          }
+
+          dynamic "volume_mount" {
+            for_each = [for m in var.named_conf_mounts :
+              {
+                name       = m.name
+                mount_path = m.mount_path
+                sub_path   = m.sub_path
+            }]
+            content {
+              name       = volume_mount.value.name
+              mount_path = volume_mount.value.mount_path
+              sub_path   = volume_mount.value.sub_path
+            }
+          }
+
+          volume_mount {
+            mount_path = "/etc/bind/db.viktorbarzin.me"
+            sub_path   = "db.viktorbarzin.me"
+            name       = "bindconf"
+          }
+          volume_mount {
+            mount_path = "/etc/bind/db.viktorbarzin.lan"
+            sub_path   = "db.viktorbarzin.lan"
+            name       = "bindconf"
+          }
+        }
+        container {
+          name              = "bind-exporter"
+          image             = "prometheuscommunity/bind-exporter:latest"
+          image_pull_policy = "IfNotPresent"
+          port {
+            container_port = 9119
+          }
+        }
+
+        volume {
+          name = "bindconf"
+          config_map {
+            name = "bind-configmap"
+          }
+        }
+      }
+    }
+  }
+}
--- a/modules/kubernetes/bind/main.tf
+++ b/modules/kubernetes/bind/main.tf
@ -0,0 +1,72 @@
+variable "db_viktorbarzin_me" {}
+variable "db_viktorbarzin_lan" {}
+variable "named_conf_options" {}
+
+resource "kubernetes_namespace" "bind" {
+  metadata {
+    name = "bind"
+  }
+}
+
+resource "kubernetes_config_map" "bind_configmap" {
+  metadata {
+    name      = "bind-configmap"
+    namespace = "bind"
+  }
+
+  data = {
+    "db.viktorbarzin.lan"       = var.db_viktorbarzin_lan
+    "db.viktorbarzin.me"        = var.db_viktorbarzin_me
+    "named.conf"                = var.named_conf
+    "named.conf.local"          = var.named_conf_local
+    "named.conf.options"        = var.named_conf_options
+    "public-named.conf.local"   = var.public_named_conf_local
+    "public-named.conf.options" = var.public_named_conf_options
+  }
+}
+
+module "bind-local-deployment" {
+  source          = "./deployment-factory"
+  deployment_name = "bind"
+  named_conf_mounts = [
+    {
+      "mount_path" = "/etc/bind/named.conf.local"
+      "sub_path"   = "named.conf.local"
+      "name"       = "bindconf"
+    },
+    {
+      mount_path = "/etc/bind/named.conf.options"
+      sub_path   = "named.conf.options"
+      name       = "bindconf"
+    }
+  ]
+}
+
+module "bind-local-service" {
+  source       = "./service-factory"
+  service_name = "bind"
+  port         = 5354
+}
+
+module "bind-public-deployment" {
+  source          = "./deployment-factory"
+  deployment_name = "bind-public"
+  named_conf_mounts = [
+    {
+      "mount_path" = "/etc/bind/named.conf.local"
+      "sub_path"   = "public-named.conf.local"
+      "name"       = "bindconf"
+    },
+    {
+      mount_path = "/etc/bind/named.conf.options"
+      sub_path   = "public-named.conf.options"
+      name       = "bindconf"
+    }
+  ]
+}
+
+module "bind-public-service" {
+  source       = "./service-factory"
+  service_name = "bind-public"
+  port         = 10053
+}
--- a/modules/kubernetes/bind/service-factory/main.tf
+++ b/modules/kubernetes/bind/service-factory/main.tf
@ -0,0 +1,28 @@
+variable "service_name" {}
+variable "port" {}
+
+resource "kubernetes_service" "bind" {
+  metadata {
+    name      = var.service_name
+    namespace = "bind"
+    annotations = {
+      "metallb.universe.tf/allow-shared-ip" = "shared"
+    }
+    labels = {
+      "app" = var.service_name
+    }
+  }
+  spec {
+    type                    = "LoadBalancer"
+    external_traffic_policy = "Cluster"
+    selector = {
+      "app" = var.service_name
+    }
+    port {
+      name        = "dns"
+      protocol    = "UDP"
+      port        = var.port
+      target_port = "53"
+    }
+  }
+}
--- a/modules/kubernetes/bind/variables.tf
+++ b/modules/kubernetes/bind/variables.tf
@ -0,0 +1,71 @@
+variable "named_conf" {
+  default = <<EOT
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+//include "/etc/bind/named.conf.default-zones";
+EOT
+}
+
+variable "named_conf_local" {
+  default = <<EOT
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "viktorbarzin.me" {
+  type master;
+  file "/etc/bind/db.viktorbarzin.me";
+};
+
+zone "viktorbarzin.lan" {
+  type master;
+  file "/etc/bind/db.viktorbarzin.lan";
+};
+EOT
+}
+
+variable "public_named_conf_local" {
+  default = <<EOT
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "viktorbarzin.me" {
+  type master;
+  file "/etc/bind/db.viktorbarzin.me";
+};
+EOT
+}
+
+variable "public_named_conf_options" {
+  default = <<EOT
+options {
+  querylog yes;
+  directory "/tmp/";
+  listen-on {
+    any;
+  };
+  dnssec-validation auto;
+
+  allow-recursion {
+    none;
+  };
+};
+EOT
+}